| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Sep 2022 19:02:54 +0200
From: Roberto Sassu <roberto.sassu@...weicloud.com>
To: ast@...nel.org, daniel@...earbox.net, andrii@...nel.org,
martin.lau@...ux.dev, song@...nel.org, yhs@...com,
john.fastabend@...il.com, kpsingh@...nel.org, sdf@...gle.com,
haoluo@...gle.com, jolsa@...nel.org, mykolal@...com,
shuah@...nel.org, davem@...emloft.net, edumazet@...gle.com,
kuba@...nel.org, pabeni@...hat.com, jakub@...udflare.com
Cc: bpf@...r.kernel.org, netdev@...r.kernel.org,
linux-kselftest@...r.kernel.org, cgroups@...r.kernel.org,
linux-kernel@...r.kernel.org, houtao1@...wei.com,
Roberto Sassu <roberto.sassu@...wei.com>
Subject: [PATCH 0/7] bpf: Add fd modes check for map iter and extend libbpf
From: Roberto Sassu <roberto.sassu@...wei.com>
Add a missing fd modes check in map iterators, potentially causing
unauthorized map writes by eBPF programs attached to the iterator. Use this
patch set as an opportunity to start a discussion with the cgroup
developers about whether a security check is missing or not for their
iterator.
Also, extend libbpf with the _opts variant of bpf_*_get_fd_by_id(). Only
bpf_map_get_fd_by_id_opts() is really useful in this patch set, to ensure
that the creation of a map iterator fails with a read-only fd.
Add all variants in this patch set for symmetry with
bpf_map_get_fd_by_id_opts(), and because all the variants share the same
opts structure. Also, add all the variants here, to shrink the patch set
fixing map permissions requested by bpftool, so that the remaining patches
are only about the latter.
Finally, extend the bpf_iter test with the read-only fd check, and test
each _opts variant of bpf_*_get_fd_by_id().
Roberto Sassu (7):
bpf: Add missing fd modes check for map iterators
libbpf: Define bpf_get_fd_opts and introduce
bpf_map_get_fd_by_id_opts()
libbpf: Introduce bpf_prog_get_fd_by_id_opts()
libbpf: Introduce bpf_btf_get_fd_by_id_opts()
libbpf: Introduce bpf_link_get_fd_by_id_opts()
selftests/bpf: Ensure fd modes are checked for map iters and destroy
links
selftests/bpf: Add tests for _opts variants of libbpf
include/linux/bpf.h | 2 +-
kernel/bpf/inode.c | 2 +-
kernel/bpf/map_iter.c | 3 +-
kernel/bpf/syscall.c | 8 +-
net/core/bpf_sk_storage.c | 3 +-
net/core/sock_map.c | 3 +-
tools/lib/bpf/bpf.c | 47 +++++-
tools/lib/bpf/bpf.h | 16 ++
tools/lib/bpf/libbpf.map | 10 +-
tools/lib/bpf/libbpf_version.h | 2 +-
.../selftests/bpf/prog_tests/bpf_iter.c | 34 +++-
.../bpf/prog_tests/libbpf_get_fd_opts.c | 145 ++++++++++++++++++
.../bpf/progs/test_libbpf_get_fd_opts.c | 49 ++++++
13 files changed, 309 insertions(+), 15 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/libbpf_get_fd_opts.c
create mode 100644 tools/testing/selftests/bpf/progs/test_libbpf_get_fd_opts.c
--
2.25.1
Powered by blists - more mailing lists